<?php
/**
*
* 功能描述（系统功能控制器）
*
* @author suoya <jlusuoya@gmail.com>
* @version 1
*/

class CtrlSystem extends CtrlBase
{
	public $paramCheck = array(
		'sendpwdmail' => array(
			'user_name' => array('POST', 'must', 'trim', 'notempty'),
			'email' => array('POST', 'must', 'trim', 'email'),
			'authcode' => array('POST', 'must', 'intval', 'positive'),
		),
		'chpwdbymail' => array(
			'key' => array('GET', 'must', 'trim', 'notempty'),
		),
		'setpwdbymail' => array(
			'user_name' => array('POST', 'must', 'trim', 'notempty'),
			'authcode' => array('POST', 'must', 'intval', 'positive'),
			'new_password' => array('POST', 'must', 'intval', 'positive'),
			'mail_key' => array('SESSION', 'must', '', ''),
		),
		'setpwdbymsg' => array(
			'authcode' => array('POST', 'must', 'intval', 'positive'),
			'new_password' => array('POST', 'must', 'intval', 'positive'),
			'mobile_allow' => array('SESSION', 'must', '', 'mobile'),
		),
		'chpwdbymsg' => array(
			'mobile_auth' => array('SESSION', 'must', '', ''),
			'mobile' => array('POST', 'must', 'trim', 'mobile'),
			'authcode' => array('POST', 'must', 'intval', 'positive'),
		),
		'checkvoucher' => array(
			'no' => array('GET', 'must', 'trim', 'notempty'),
		),
	);

	function CheckVoucher()
	{
		if(TimeLimit($this, 'system.checkvoucher', 10))
			return RT_MSG;
		$no = $this->params['no'];
		if(!CheckNo($no))	//非法序列号
			return RT_ATTACK;
		$msg = '';
		$v_data = $this->GetVoucher($no, $msg);
		if($v_data == null)
		{
			if($msg == '')
				return RT_ATTACK;
			$data = array(
				'amount' => 0,
				'lefttime' => 0,
				'msg' => $msg,
			);
		}
		else
		{
			$data = array(
				'amount' => $v_data['amount'],
				'lefttime' => $v_data['lefttime'],
				'msg' => $msg,
			);
		}
		return $data;
	}

	private function GetVoucher($no, &$msg)
	{
		$vobj = $this->GetModel("Voucher");
		$v_data = $vobj->GetInfo($no);
		if(!$v_data)
			return null;
		switch($v_data['status'])
		{
		case 4:	
			$msg = VOUCHER_USE; //已使用
			return null;
		case 5:
			$msg = VOUCHER_OUT; //已使过期
			return null;
		}
		return $v_data;
	}

	function ChPwdByMsg()
	{
		$mobile = $this->params['mobile'];
		$obj = $this->GetModel("mobile");
		if($obj->CheckAuthcode($mobile, $this->params['authcode'], $this->params['mobile_auth'], 1) != 0)
			return RT_ATTACK;
		unset($_SESSION['mobile_auth']);	//必须清除
		$_SESSION['mobile_allow'] = $mobile;
		return RT_TPL;
	}

	function SendPwdMail()
	{
		if(TimeLimit($this, 'system.sendpwdmail', 10))
			return RT_MSG;
		if(!CheckImgAuthcode($this->params['authcode']))
		{
			$this->assign("msg", "验证码错误，请重新输入");
			return RT_MSG;
		}
		$obj = $this->GetModel("user");
		$data = $obj->GetInfo($this->params['user_name'], 2);
		if(!$data)
		{	
			$this->assign("msg", "用户不存在");
			return RT_MSG;
		}
		if($data['email'] != $this->params['email'])
		{
			$this->assign("msg", "邮件不正确或者未设置");
			return RT_MSG;
		}
		$key = rand(1,9999999);
		$ret = $obj->SetKey($data['id'], $key, 0);
		$content = $this->GetPwdContent($data['id'], $data['name'], $key);
		if(SendMail($data['email'], "密码找回", $content))
			$msg = "邮件已发送至" . $data['email'];
		else
			$msg = "邮件发送失败，确认地址是否有效";
		$this->assign("msg", $msg);
		return RT_MSG;
	}

	function ChPwdByMail()
	{
		$key = base64_decode($this->params['key']);
		if(!$key)
			return RT_ATTACK;
		$msg = "";
		$data = RsaDecrypt($key, $msg);
		if(!$data)
			return RT_ATTACK;
		$obj = json_decode($data, 1);
		if(time(0) - $obj['time'] > 3600)
		{
			$this->assign("msg", "邮件失效，已经超过1小时");
			return RT_MSG;
		}
		//
		$uobj = $this->GetModel("user");
		$cnt = $uobj->SetKey($obj['id'], 0, $obj['key']);
		if($cnt <= 0)
		{
			$this->assign("msg", "邮件已失效");
			return RT_MSG;
		}
		$_SESSION['mail_key'] = $obj;
		return RT_TPL;
	}

	function SetPwdByMsg()
	{
		$mobile = $this->params['mobile_allow'];
		unset($_SESSION['mobile_allow']);
		if(!CheckImgAuthcode($this->params['authcode']))
		{
			$this->assign("msg", "验证码错误，请重新输入");
			return RT_MSG;
		}
		//设置密码
		$uobj = $this->GetModel("user");
		$data = $uobj->GetByMobile($mobile);
		$uobj->SetPwd($data['id'], $this->params['new_password']);
		$msg = "密码修改成功";
		$this->assign("msg", $msg);
		return RT_MSG;
	}
	
	function SetPwdByMail()
	{
		if(!CheckImgAuthcode($this->params['authcode']))
		{
			$this->assign("msg", "验证码错误，请重新输入");
			return RT_MSG;
		}
		$obj = $this->params['mail_key'];
		unset($_SESSION['mail_key']);
		if($obj['name'] != $this->params['user_name'])
		{
			$this->assign("msg", "用户名输入错误");
			return RT_MSG;
		}
		if(time(0) - $obj['time'] > 3600)
		{
			$this->assign("msg", "邮件失效，已经超过1小时");
			return RT_MSG;
		}
		//设置密码
		$uobj = $this->GetModel("user");
		$uobj->SetPwd($obj['id'], $this->params['new_password']);
		$msg = "密码修改成功";
		$this->assign("msg", $msg);
		return RT_MSG;
	}

	private function GetPwdContent($id, $name, $key)
	{
		$data = json_encode(array( "id" => $id, "name" => $name, "time" => time(), 'key'=>$key));
		$msg = "";
		$data = RsaEncrypt($data, $msg);
		if(!$data)
			SysDie('T_RSA', 'E_RSAEN', $msg);
		$url = "http://".$_SERVER ['HTTP_HOST']
			. $_SERVER['PHP_SELF']."?action=system.chpwdbymail&key=" . urlencode(base64_encode($data));
		$content = <<<EOF
${name}，您好！

您的用户名是：${name}

如果要重置您梵地网的密码，请点击以下链接。

<a href="$url">点击地址：$url</a>

（请在1小时内完成重置，1小时后此邮件失效，您将需要重新提交密码找回）

如果通过点击以上链接无法访问，请将该网址复制并粘贴至新的浏览器窗口中。

您收到这封邮件是因为我们收到了您要重置密码的请求。如果您没有进行相关操作，错误的收到了此邮件，

您无需执行任何操作来取消密码找回！您的账户密码将不会被修改！

一旦您重置了您的密码，请确保密码的强度。不要向任何人透露您的密码，或在邮件中填写密码信息。

如果您对您的账户有任何问题或疑问，请联系我们：

邮箱：fandi_cake.126.com

免费客服电话：XXXXXX
EOF;
		return $content;
	}
}

